package com.erp.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @author lqm
 * @ClassName SecurityConfig
 * @description: TODO
 */
@Configuration
//开启security安全认证
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    PasswordEncoder bcryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                //开启跨域
//                .cors().and()
                .authorizeRequests(temp -> temp
                        .antMatchers("/user/dologin","/user/login").permitAll()
                        .antMatchers("/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**", "/webjars/**").permitAll()
                        .anyRequest().authenticated()
                )
                .formLogin(form -> form.loginPage("/user/login"))
                .csrf().disable()
                .rememberMe(Customizer.withDefaults())
        //关闭session
//        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        ;

        return   http.build();
    }

}
